(Jul 29, 2015)
Many privacy and data protection regulators around the world, including regulators in Canada, France, Australia, Hong Kong and Colombia, have written guideline papers about accountability that promote the building of a privacy-management program. These guideline papers provide the building blocks for a privacy program but do not address how to resource the building and maintenance of a privacy-management program.
Privacy offices grapple with the challenge of finding enough resources to allocate for p...

(Jul 21, 2015)
Of all the personal data people guard most closely, personal medical records are near the top. Along with financial information, personal health records are data sets that have the potential to make us the most vulnerable in society. So it’s no surprise that, in the U.S., there are very specific and rigid laws that protect such data.
Of course, HIPAA is perhaps the most commonly known U.S.-based law related to privacy, even though the "P" is for "Portability" and not "Privacy."
The law has com...

(Jul 16, 2015)
Earlier this week, the World Wide Web Consortium (W3C) announced another major milestone in the standardization of Do Not Track. Most notably, the technical mechanism will soon be certified for widespread implementation.
While this progress is noteworthy, it’s also important to recognize that the W3C’s Do-Not-Track work has changed a lot in recent years. Originally, the goal was to get broad consensus between industry and advocates on a regime for limiting cross-site tracking at a user’s reques...

(Jul 9, 2015)
Privacy and security are meant to work in tandem, so why are they apart?
In most organizations security and privacy fall under separate command, and while they may interact and regularly meet as part of corporate governance and compliance programs, the intersection between the two functions is rarely maximized. In today’s increasingly severe data breach climate and with an avalanche of Internet-of-Things devices entering the workplace, is it time to explore a unified function?
This lack of a u...

(Jul 2, 2015)
Individual consent to data processing has been an anchor of data protection and privacy laws around the world. The assumption is that consent ensures that information practices are focused on the rights and interests of individuals by enabling them to control the use of their personal data. Most lawmakers resort to the consent-based model by default.
But is consent really the best and only way in this modern Information Age to provide meaningful control and to protect the individual?
This ques...

(Jun 22, 2015)
The last few days have featured good news for those who've been fighting against "revenge porn," or nonconsensual pornography. The practice of posting naked photos, primarily of women, to the Internet without their consent and against their will is finally being taken seriously in the broader mainstream.
Yes, there are almost two dozen state laws already outlawing it. Yes, the Federal Trade Commission (FTC) has taken action against one specific website. Yes, some arrests against perpetrators ha...

(Jun 16, 2015)
After three and a half years of intense negotiations, EU ministers finally agreed to a general approach on their version of the proposed General Data Protection Regulation at a meeting of the Justice and Home Affairs Council in Luxembourg on Monday.
This clears the way for trilogue negotiations to begin on June 24 with the Council of the European Union and the European Commission looking to finalise a compromise text with the European Parliament by the end of 2015. Parliament rapporteur Jan Phi...

(Jun 10, 2015)
Anyone keeping up with the negotiations on the proposed EU General Data Protection Regulation (GDPR) is aware that the negotiations are gradually coming to their conclusion. And while much work remains to be done, some of the many questions that have surrounded the reform can already be answered. Yes, the chosen form of legal act will be a regulation. Yes, the fines for non-compliance will be substantial. And yes, new and somewhat abstract concepts like privacy by design and by default will be m...

(Jun 9, 2015)
It’s terrific there’s no gap in pay between the salaries of male and female privacy professionals. I am not surprised, but thrilled there is proof of what I have long felt to be true.
As one of the early pioneers of the privacy profession, I proudly offer some reasons why we have managed to get it right. Now that I am on the sidelines, I hope the trend continues.
Not one gender more than the other, but equal, as it should be.
Shortly after the turn of the century, I was asked to take on the Gl...

(Jun 8, 2015)
Two years after the first story based on Edward Snowden’s leaks hit the press, the U.S. government enacted the USA FREEDOM Act, ending bulk collection under Section 215. As one of five members of President Obama’s Review Group on Intelligence and Communications Technology, I applaud its passage—the biggest pro-privacy change to U.S. intelligence law since the original enactment of the Foreign Intelligence Surveillance Act in 1978.
There is a close fit between the Review Group’s work and the new...

The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally.

The IAPP is the only place you’ll find a comprehensive body of resources, knowledge and experts to help you navigate the complex landscape of today’s data-driven world. We offer individual, corporate and group memberships, and all members have access to an extensive array of benefits.